cgi cgi_main.c

Ilia Alshanetsky Mon, 23 Oct 2006 12:18:04 -0700

iliaa           Mon Oct 23 19:17:51 2006 UTC

  Modified files:              
    /php-src/sapi/apache        mod_php5.c 
    /php-src/sapi/apache2filter sapi_apache2.c 
    /php-src/sapi/apache2handler        sapi_apache2.c 
    /php-src/sapi/cgi   cgi_main.c 
  Log:
  Added filter support for $_SERVER in cgi/apache2 sapis
  Make sure PHP_SELF if filtered in Apache 1 sapi
  
  
http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.39&r2=1.40&diff_format=u
Index: php-src/sapi/apache/mod_php5.c
diff -u php-src/sapi/apache/mod_php5.c:1.39 php-src/sapi/apache/mod_php5.c:1.40
--- php-src/sapi/apache/mod_php5.c:1.39 Thu Oct 12 20:13:07 2006
+++ php-src/sapi/apache/mod_php5.c      Mon Oct 23 19:17:50 2006
@@ -17,7 +17,7 @@
    | PHP 4.0 patches by Zeev Suraski <[EMAIL PROTECTED]>                      |
    +----------------------------------------------------------------------+
  */
-/* $Id: mod_php5.c,v 1.39 2006/10/12 20:13:07 bfrance Exp $ */
+/* $Id: mod_php5.c,v 1.40 2006/10/23 19:17:50 iliaa Exp $ */
 
 #include "php_apache_http.h"
 #include "http_conf_globals.h"
@@ -242,10 +242,11 @@
        table_entry *elts = (table_entry *) arr->elts;
        zval **path_translated;
        HashTable *symbol_table;
+       int new_val_len;
 
        for (i = 0; i < arr->nelts; i++) {
                char *val;
-               int val_len, new_val_len;
+               int val_len;
 
                if (elts[i].val) {
                        val = elts[i].val;
@@ -270,7 +271,9 @@
                php_register_variable("PATH_TRANSLATED", 
Z_STRVAL_PP(path_translated), track_vars_array TSRMLS_CC);
        }
 
-       php_register_variable("PHP_SELF", ((request_rec *) 
SG(server_context))->uri, track_vars_array TSRMLS_CC);
+       if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &((request_rec 
*) SG(server_context))->uri, strlen(((request_rec *) SG(server_context))->uri), 
&new_val_len TSRMLS_CC)) {
+               php_register_variable("PHP_SELF", ((request_rec *) 
SG(server_context))->uri, track_vars_array TSRMLS_CC);
+       }
 }
 /* }}} */
 
http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2filter/sapi_apache2.c?r1=1.141&r2=1.142&diff_format=u
Index: php-src/sapi/apache2filter/sapi_apache2.c
diff -u php-src/sapi/apache2filter/sapi_apache2.c:1.141 
php-src/sapi/apache2filter/sapi_apache2.c:1.142
--- php-src/sapi/apache2filter/sapi_apache2.c:1.141     Tue Jul 25 13:41:08 2006
+++ php-src/sapi/apache2filter/sapi_apache2.c   Mon Oct 23 19:17:50 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: sapi_apache2.c,v 1.141 2006/07/25 13:41:08 dmitry Exp $ */
+/* $Id: sapi_apache2.c,v 1.142 2006/10/23 19:17:50 iliaa Exp $ */
 
 #include <fcntl.h>
 
@@ -220,11 +220,18 @@
        char *key, *val;
        
        APR_ARRAY_FOREACH_OPEN(arr, key, val)
-               if (!val) val = "";
-               php_register_variable(key, val, track_vars_array TSRMLS_CC);
+               if (!val) {
+                       val = "";
+               }
+               if (sapi_module.input_filter(PARSE_SERVER, key, &val, 
strlen(val), &new_val_len TSRMLS_CC)) {
+                       php_register_variable_safe(key, val, new_val_len, 
track_vars_array TSRMLS_CC);
+               }
        APR_ARRAY_FOREACH_CLOSE()
                
        php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array 
TSRMLS_CC);
+       if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &ctx->r->uri, 
strlen(ctx->r->uri), &new_val_len TSRMLS_CC)) {
+               php_register_variable_safe("PHP_SELF", ctx->r->uri, 
new_val_len, track_vars_array TSRMLS_CC);
+       }
 }
 
 static void
http://cvs.php.net/viewvc.cgi/php-src/sapi/apache2handler/sapi_apache2.c?r1=1.74&r2=1.75&diff_format=u
Index: php-src/sapi/apache2handler/sapi_apache2.c
diff -u php-src/sapi/apache2handler/sapi_apache2.c:1.74 
php-src/sapi/apache2handler/sapi_apache2.c:1.75
--- php-src/sapi/apache2handler/sapi_apache2.c:1.74     Thu Aug 10 13:43:59 2006
+++ php-src/sapi/apache2handler/sapi_apache2.c  Mon Oct 23 19:17:51 2006
@@ -18,7 +18,7 @@
    +----------------------------------------------------------------------+
  */
 
-/* $Id: sapi_apache2.c,v 1.74 2006/08/10 13:43:59 tony2001 Exp $ */
+/* $Id: sapi_apache2.c,v 1.75 2006/10/23 19:17:51 iliaa Exp $ */
 
 #define ZEND_INCLUDE_FULL_WINDOWS_HEADERS
 
@@ -232,13 +232,20 @@
        php_struct *ctx = SG(server_context);
        const apr_array_header_t *arr = apr_table_elts(ctx->r->subprocess_env);
        char *key, *val;
+       int new_val_len;
 
        APR_ARRAY_FOREACH_OPEN(arr, key, val)
-               if (!val) val = "";
-               php_register_variable(key, val, track_vars_array TSRMLS_CC);
+               if (!val) {
+                       val = "";
+               }
+               if (sapi_module.input_filter(PARSE_SERVER, key, &val, 
strlen(val), &new_val_len TSRMLS_CC)) {
+                       php_register_variable_safe(key, val, new_val_len, 
track_vars_array TSRMLS_CC);
+               }
        APR_ARRAY_FOREACH_CLOSE()
 
-       php_register_variable("PHP_SELF", ctx->r->uri, track_vars_array 
TSRMLS_CC);
+       if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &ctx->r->uri, 
strlen(ctx->r->uri), &new_val_len TSRMLS_CC)) {
+               php_register_variable_safe("PHP_SELF", ctx->r->uri, 
new_val_len, track_vars_array TSRMLS_CC);
+       }
 }
 
 static void
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.300&r2=1.301&diff_format=u
Index: php-src/sapi/cgi/cgi_main.c
diff -u php-src/sapi/cgi/cgi_main.c:1.300 php-src/sapi/cgi/cgi_main.c:1.301
--- php-src/sapi/cgi/cgi_main.c:1.300   Sat Sep 23 12:27:35 2006
+++ php-src/sapi/cgi/cgi_main.c Mon Oct 23 19:17:51 2006
@@ -21,7 +21,7 @@
    +----------------------------------------------------------------------+
 */
 
-/* $Id: cgi_main.c,v 1.300 2006/09/23 12:27:35 tony2001 Exp $ */
+/* $Id: cgi_main.c,v 1.301 2006/10/23 19:17:51 iliaa Exp $ */
 
 #include "php.h"
 #include "php_globals.h"
@@ -467,19 +467,26 @@
                     zend_hash_get_current_key_ex(&request->env, &var, 
&var_len, &idx, 0, &pos) == HASH_KEY_IS_STRING &&
                     zend_hash_get_current_data_ex(&request->env, (void **) 
&val, &pos) == SUCCESS;
                     zend_hash_move_forward_ex(&request->env, &pos)) {
-                       php_register_variable(var.s, *val, array_ptr TSRMLS_CC);
+                       int new_val_len;
+                       if (sapi_module.input_filter(PARSE_SERVER, var.s, val, 
strlen(*val), &new_val_len TSRMLS_CC)) {
+                               php_register_variable_safe(var.s, *val, 
new_val_len, array_ptr TSRMLS_CC);
+                       }
                }
        }
 }
 
 static void sapi_cgi_register_variables(zval *track_vars_array TSRMLS_DC)
 {
+       int new_val_len;
+       char *val = SG(request_info).request_uri ? SG(request_info).request_uri 
: "";
        /* In CGI mode, we consider the environment to be a part of the server
         * variables
         */
        php_import_environment_variables(track_vars_array TSRMLS_CC);
        /* Build the special-case PHP_SELF variable for the CGI version */
-       php_register_variable("PHP_SELF", (SG(request_info).request_uri ? 
SG(request_info).request_uri : ""), track_vars_array TSRMLS_CC);
+       if (sapi_module.input_filter(PARSE_SERVER, "PHP_SELF", &val, 
strlen(val), &new_val_len TSRMLS_CC)) {
+               php_register_variable_safe("PHP_SELF", var, new_val_len, 
track_vars_array TSRMLS_CC);
+       }
 }
 
 static void sapi_cgi_log_message(char *message)


-- 
PHP CVS Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP-CVS] cvs: php-src /sapi/apache mod_php5.c /sapi/apache2filter sapi_apache2.c /sapi/apache2handler sapi_apache2.c /sapi/cgi cgi_main.c

Reply via email to